[Operators] Spammy servers

Kevin Smith kevin at kismith.co.uk
Fri Mar 1 22:03:44 UTC 2013

On Fri, Mar 1, 2013 at 9:59 PM, Marco Cirillo <maranda at lightwitch.org> wrote:
> expecially to the "high usage" ones (possibly more,
> those with unprotected IBR)... Did you actually ever make a census of how
> many of your concurrent users are actual human beings..?

It's not immediately clear to me how one would reliably do this - do
you have any suggestions?

> Finally, moving forward on the "how to protect account registration",
> there're several very effective measures one of which is CAPTCHA (and that
> needs to be done right, implementations like ejabberd's .. just aren't
> appropriate ..) but alone that doesn't do it obviously, you should put some
> more verification layers after that. I personally employ a long-strict
> captcha on the site form, plus an additional e-mail token verification and
> several timeframe checks (e.g. the user has to verify the account within 5
> minutes and has to do some copy & pasting...).

This sounds very thorough (and entirely reasonable). Is your setup for
doing this generally available so other servers could take advantage
of similar systems?


More information about the Operators mailing list